Dynamic Depth Inspection

PublishedNovember 16, 2010

Assigneenot available in USPTO data we have

Technical Abstract

Patent Claims

17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for detecting network threats comprising: performing, using at least one processor, a mandatory threat detection procedure on data received via a network; determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on: resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures; a frequency at which each of the plurality of optional threat detection procedures should be performed; and a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.

2. The method recited in claim 1 wherein determining whether to perform at least one of the plurality of optional threat detection procedures is further based at least in part on resources required for mandatory threat detection processing.

3. The method recited in claim 1 further comprising determining what processing resources are available to perform at least one of the plurality of optional threat detection procedures and establishing a selection criterion to be used to determine whether at least one of the plurality of optional threat detection procedures will be applied to a particular set of data and wherein determining whether to perform at least one of the plurality of optional threat detection procedures includes applying the selection criterion to the data.

4. The method recited in claim 3 wherein determining what processing resources are available to perform at least one of the plurality of optional threat detection procedures includes allocating to each of the plurality of optional threat detection procedures a portion of a total amount of resources determined to be available to perform optional threat detection procedures.

5. The method recited in claim 1 wherein a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed is determined dynamically.

6. The method recited in claim 1 wherein a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed is determined dynamically based at least in part on a dynamic determination of the resources available to perform optional threat detection procedures.

7. The method recited in claim 1 wherein a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed is determined dynamically based at least in part on a user input.

8. The method recited in claim 1 wherein a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed is determined dynamically based at least in part on a dynamic assessment of network traffic load.

9. The method recited in claim 1 further comprising updating a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed.

10. The method recited in claim 1 further comprising updating at a prescribed interval a criterion used to determine whether at least one of the plurality of optional threat detection procedures should be performed.

11. The method recited in claim 1 wherein determining whether at least one of the plurality of optional threat detection procedures should be performed includes determining whether the data includes a portion on which threat detection processing is not performed in all cases.

12. The method recited in claim 1 wherein determining whether at least one of the plurality of optional threat detection procedures should be performed includes whether any signatures or rules exist that could be applied to the data.

13. The method recited in claim 1 wherein determining whether at least one of the plurality of optional threat detection procedures should be performed includes determining whether any signatures or rules exist that could be applied to at least a portion of the data on which threat detection processing is not performed in all cases.

14. The method recited in claim 1 further comprising determining probabilistically for each of the plurality of optional threat detection procedures whether at least one of the plurality of optional threat detection procedures should be performed on a particular set of received data.

15. The method recited in claim 14 wherein determining probabilistically for each of the plurality of optional threat detection procedures whether at least one of the plurality of optional threat detection procedures should be performed on a particular set of received data comprises applying to the set of received data a selection criterion associated with at least one of the plurality of optional threat detection procedures.

16. A system for detecting network threats comprising: a communication interface configured to receive data received via a network; and a processor configured to: perform a mandatory threat detection procedure on the data; determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on: resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures; a frequency at which each of the plurality of optional threat detection procedures should be performed; and a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.

17. A computer program product for detecting network threats, the computer program product being embodied in a computer readable storage medium and comprising computer instructions for: performing a mandatory threat detection procedure on data received via a network; determining whether to perform at least one of a plurality of optional threat detection procedures on at least a portion of the data, the determination based at least in part on: resources required for the mandatory threat detection procedure, wherein remaining resources are allocated to the plurality of optional threat detection procedures; a frequency at which each of the plurality of optional threat detection procedures should be performed; and a selection criterion that is established to determine probabilistically whether at least one of the plurality of optional threat detection procedures will be performed with respect to a particular set of data; and performing one or more of the at least one of the plurality of optional threat detection procedures if determined that the one or more of the at least one of the plurality of optional threat detection procedures should be performed.

Patent Metadata

Filing Date

Unknown

Publication Date

November 16, 2010

Inventors

Brian Hernacki

Jeremy Bennett

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Browse All Patents Try Prior Art Search